rogue_one 0.1.0 → 0.1.1

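--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6f56c7358aca2eaaacd1e5d93d88793cd60dbc7cfa2b4b1d21e3a4a2ba68b44b
- data.tar.gz: a0b87b0b0084a95a4285b2781c657beb5a88f191ff392dcc35fc1f25a6e62955
+ metadata.gz: 86c74a7df8a4bcd245b6f298b96a70b249e173dcb75b0813beb14b128739e11e
+ data.tar.gz: 8e164de064b6f087d2574ae02fa1ed7ad885da285531c00f2d488ce1f41a08b8
  SHA512:
- metadata.gz: c22cf1c4878be88a3fa3098f7132334a1c998b4dbcc91aff77595b78932708d1b15c2c1735cea742689c19099ce49fe2e0ceddedf0e2e8baeb9f850bcd43b5e2
- data.tar.gz: f71648b22084e42702e681930ffa5b7f0da42c00b444634eca93a4b347dfb201dea9f008becc85b6105ec2c47a9c6cfa8ccbed43792587e64ba07a9bcdbe7898
+ metadata.gz: c12b466c5fc8b96ab64bd77c2ed8309fbc6497c5d8c831d31e2b850b592446f5eefe68eb5011cf216dc9703bfafde2ff1a2f1c202943dde86b802db47beb1ffc
+ data.tar.gz: b805443996b4a28c1e6108fcaa1e45f1ea085db24db2428ae9c0a723f1c9017c61508e6d29151e6ae83186242c170546b5f914b6079aa6ee661b483527d8c9d4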
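--- a/data/README.md
+++ b/data/README.md
@@ -19,23 +19,32 @@ Commands:
 
  $ rogue_one report 1.1.1.1
  {
- "verdict": "rogue one",
+ "verdict": "benign one",
  "landing_pages": [
 
  ]
  }
 
- $ rogue_one reprot 1.53.252.215
+ $ rogue_one report 1.53.252.215
  {
  "verdict": "rogue one",
  "landing_pages": [
- "1.171.170.228",
  "1.171.168.19",
+ "1.171.170.228",
  "61.230.102.66"
  ]
  }
  ```
 
+ | Key | Desc. |
+ |---------------|--------------------------------------------------|
+ | verdict | A detection result (`rogue one` or `benign one`) |
+ | landing_pages | An array of IP of landing pages |
+
+ ## Notes
+
+ - This is just a PoC tool. I cannot guarantee the results with high confidence at the moment.
+
  ## License
 
  The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).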
@@ -11,7 +11,6 @@ module RogueOne
11
11
  def initialize(target:)
12
12
  @target = target
13
13
  @memo = Hash.new(0)
14
- @mismatched_domains = []
15
14
  end
16
15
 
17
16
  def report
@@ -30,12 +29,10 @@ module RogueOne
30
29
  end
31
30
 
32
31
  def rogue_one?
33
- @mismatched_domains.length > 50
32
+ !landing_pages.empty?
34
33
  end
35
34
 
36
35
  def landing_pages
37
- return [] unless rogue_one?
38
-
39
36
  @memo.map do |ip, count|
40
37
  count > 10 ? ip : nil
41
38
  end.compact
@@ -47,7 +44,6 @@ module RogueOne
47
44
  target_result = target_resolver.dig(domain, "A")
48
45
 
49
46
  if normal_result != target_result
50
- @mismatched_domains << domain
51
47
  @memo[target_result] += 1 if target_result
52
48
  end
53
49
  end
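Review bot: With the `@mismatched_domains.length > 50` gate removed, `rogue_one?` turns true as soon as any single address collects more than 10 differing answers, so the bare `10` in `landing_pages` is now the entire detection threshold and should be a named, commented constant, e.g. `LANDING_PAGE_THRESHOLD = 10 # min. probed domains answered with the same IP before it counts as a landing page`. The comparison `normal_result != target_result` also fires for differences that are presumably legitimate (CDN or geo-dependent A records, or a filtering resolver answering with a block-page address), so a resolver that maps more than ten of the probed domains to one shared address would be reported as `rogue one`. It would help to document that false-positive case next to the threshold, or to keep a second condition on the total number of mismatches. The method that contains the last hunk starts outside the visible lines, so how the domain list is chosen cannot be checked from here.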
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module RogueOne
4
- VERSION = "0.1.0"
4
+ VERSION = "0.1.1"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rogue_one
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Manabu Niseki